Hello, world!

// Create an HMAC-protected JWS object with some payload
JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.HS256),
new Payload("Hello, world!"));
// We need a 256-bit key for HS256 which must be pre-shared
byte[] sharedKey = new byte[32];
new SecureRandom().nextBytes(sharedKey);
// Apply the HMAC to the JWS object
jwsObject.sign(new MACSigner(sharedKey));
// Output to URL-safe format
jwsObject.serialize();

JWK

Key type

JWK kty identifier

RSA (RFC 3447)

RSA

Elliptic Curve (DSS)

EC

Octet sequence (symmetric key)

oct

Crypto is fully decoupled from the JOSE / JWT object representations

New JWA algorithms can be easily added. A set of interfaces effectively
decouple the JOSE / JWT objects from the JWA crypto code for signing /
verification and encryption / decryption. Multiple JCA providers, including
hardware-based (smart cards and HSM),
are supported. Developers are free to use the provided algorithm
implementations or plug their own.

JavaDocs

The Nimbus JOSE + JWT code comes with complete JavaDocs.
Use them as your trustworthy API reference to discover the library’s many
features and capabilities. You can download the JavaDocs from Maven Central, or
browse them online.

System requirements and dependencies

[optional] BouncyCastle can be used as
an alternative crypto backend via the standard Java Cryptography Architecture
(JCA) interface. Users typically resort to BouncyCastle if they run an older
Java edition (6 or 7) that doesn’t support certain JWS and JWE crypto
operations. See JCA algorithm support
for more info.

JWK generator

A tool for generating RSA, EC and symmetric JSON Web Keys (JWKs) is also
available, thanks to Justin Richer. He
also hosts an online version.

To post bug reports and suggestions

History

Development of this library was started by Connect2id
in January 2012. The initial code was based on JWS/JWE/JWT crypto classes
factored out of the OpenInfoCard project. A rewrite to fully decouple the
JOSE + JWT object representation from the crypto implementation led to the next
major 2.0 release in October 2012. Today the library is used by our
OpenID Connect server and numerous other products and
services in identity, messaging, mobile and finance.

Acknowledgements

Axel Nennker and the developers behind OpenInfoCard for providing much of the
initial code.